The Google Play Store has announced new policies that aim to kick out “free trial” Android apps that use underhand techniques to trick unsuspecting users into signing-up for expensive subscriptions.
As we described in the latest “Smashing Security” podcast with special guest Garry Kasparov, smartphone app stores have been infested with apps that charge users excessive amounts of money if they do not cancel their “subscription” before the end of a short “free trial.”
0:00
0:00
0:00
0:00
Show full transcript ▼
This transcript was generated automatically, probably contains mistakes, and has not been manually verified.
Garry, do you do any online gaming?
It's called chess.
Never heard of it.
Yes, of course it is. Oh yeah, I forgot.
Smashing Security, Episode 174: Garry Kasparov and Animal Crossing with Carole Theriault and Graham Cluley. Hello, hello, and welcome to Smashing Security, Episode 174.
My name's Graham Cluley.
My name's Graham Cluley.
And I'm Carole Theriault.
And Carole, we're joined by a very special guest today, someone who's a bit of a personal hero of mine.
It is probably the world's greatest ever chess player, chess champion turned activist, security ambassador for Avast. It is, of course, can only be Garry Kasparov.
It is probably the world's greatest ever chess player, chess champion turned activist, security ambassador for Avast. It is, of course, can only be Garry Kasparov.
Hello, Garry. Hello.
Graham is going to be in such a good mood that you're here today, Garry.
I'm not here. I'm in New York.
Yes.
And presumably in your house, locked in.
Yes. Hello from Battery Park, New York.
Well, I hope you've been staying safe and sound over there, Garry.
Yes, absolutely. As much as you can be safe now, hiding in your apartment.
Yes.
We're lucky we have a top floor, so open roof, so we can have a little bit of fresh air every day.
Oh, that's good.
Without walking around.
Crazy times.
It is crazy times. It's like a movie. It's like a Hollywood disaster movie.
You look outside and it's not empty, pretty empty, but still, for New York, you can just count cars crossing the street with the fingers on one hand.
You look outside and it's not empty, pretty empty, but still, for New York, you can just count cars crossing the street with the fingers on one hand.
I mean, you're right, if you were filming a doomsday movie, this would be the perfect time to do it because the streets are deserted.
No, you're not allowed outside, you don't go filming.
You can film from the top of your building.
I think Garry could drive a drone from his rooftop up and down the streets.
Yeah.
Taking some amazing footage like that. I think that's not beyond him. Do something like that. Okay, Carole, what's coming up on today's show?
First, thanks to this week's sponsor, Boxcryptor. Its support helps us give you this show for free. Now, on today's show, Graham finds out for a price which celeb he looks like most.
Garry delves into the intricacies of our new COVID world. And I head to new horizons to see how a popular online game is being used for political ends.
All this and much more coming up on this episode of Smashing Security. Smashing Security.
Garry delves into the intricacies of our new COVID world. And I head to new horizons to see how a popular online game is being used for political ends.
All this and much more coming up on this episode of Smashing Security. Smashing Security.
Now, chums, I have a very important question for you, which is this: do you have a celebrity lookalike?
Okay, I don't think I look like this person. But do you remember Wonder Woman from the '80s?
What, Lynda Carter?
Yeah.
Well, you think—
I have been compared to Lynda Carter in the face, looking like her.
I know, but I was actually not very happy with it because apparently Lynda Carter tattooed her makeup on her face in the '80s.
I know, but I was actually not very happy with it because apparently Lynda Carter tattooed her makeup on her face in the '80s.
I have heard that about her.
It might have been from me in a previous show. Who knows?
Maybe that's not the thing. Maybe it's your satin tights and your lasso of truth and your invisible plane. Garry, have you ever been compared to anyone? Any celebrities?
No.
Because it might be handy for you, because I mean, I think there's probably one or two people who might prefer you extinct.
If you had a lookalike sort of escorting you around on your public events, then it could be quite handy, couldn't it, to have someone like that who's a—
If you had a lookalike sort of escorting you around on your public events, then it could be quite handy, couldn't it, to have someone like that who's a—
I think it was the other way around. So some people were compared to me. I used to be a celebrity. Exactly.
I don't think you know who you're talking to, Graham.
Well, I've been curious about this. And so I took the opportunity to upload your photographs into an app which claims—
Tell me, tell me.
Well, Garry.
I'm getting impatient.
Garry, here's the good news, right? You have a 77% likeness to Brad Pitt.
Oh!
Can you believe that?
77%!
And it only said you had a 70% likeness to Garry Kasparov. So—
So, Garry Kasparov lost to Brad Pitt.
Now, Carole, I uploaded your photograph as well. Well, actually, I was surprised by this. 69% likeness to Courteney Cox from Friends. Apparently.
I don't see it myself, but there you go. Now, of course, it wouldn't be fair to do this game without also uploading my own photograph. I have a 30% similarity to Larry the Cable Guy.
I think he was— I think he did a voice in the Cars movies of Mater the breakdown truck. But I'm also 93%—
I don't see it myself, but there you go. Now, of course, it wouldn't be fair to do this game without also uploading my own photograph. I have a 30% similarity to Larry the Cable Guy.
I think he was— I think he did a voice in the Cars movies of Mater the breakdown truck. But I'm also 93%—
Okay, so your twin?
Henry Kissinger. Which—
Whoa!
But Graham, wait a second. I think it's all about the age.
Oh, thank you.
So it's this— yeah, no, no, no, it's— look, tell me.
He's still alive?
Depends.
You're older than me, Garry. You've got Brad Pitt.
No, no, no, it's the— Kissinger's still alive. No, I'm talking about the age of the— age of the person on the picture. So you use my picture of what, 1985, 1995, 2005, 2015?
No, no, I used a fairly recent one of you.
A recent one? Okay, then I feel much better.
Graham, we could have an alternative way of making money now that you look like Brad Pitt. I mean, we could YouTube your house.
70% is not enough, no, I'm afraid. You cannot play substitution.
So these kind of apps exist and all kinds of things, not only celebrity lookalikes, you can get your selfie tweaked if you're not quite happy with it.
You can even have your palm read, astrology and horoscope apps, face aging apps, et cetera, QR codes.
You can even have your palm read, astrology and horoscope apps, face aging apps, et cetera, QR codes.
By the way, you understand now that's the next frontier of hacking is using AI to play a segment allegedly done by Kasparov or by whoever. So, and it looks almost real.
Yeah, deepfakes, absolutely.
Even images, not just voice, but even images. And that's, yeah, as I said, it's a new frontier.
And I know that there's a lot of research being done now to fight back, but it will not be easy because the damage done by the image of, God knows, the president, the prime minister appearing and saying something could be immeasurable.
And I know that there's a lot of research being done now to fight back, but it will not be easy because the damage done by the image of, God knows, the president, the prime minister appearing and saying something could be immeasurable.
And in the old days, you were able to say, well, if this is a video of the president doing something outrageous or saying something ridiculous, then it can't be true.
Today, however, it's not so easy to make that kind of judgment.
Today, however, it's not so easy to make that kind of judgment.
Yeah, the problem is, yes, in some places, like in the country where I live now, yeah, it is the— probably more damage is done by the real president than by the hoax one.
Anyway, so these apps exist, and there have been concerns about these kind of apps in the past that they might be gathering too much information, maybe collecting facial databases, and who knows what they're going to do.
And of course, people just simply want to know what they're going to look like when they're 68. Like you do. You did.
And of course, people just simply want to know what they're going to look like when they're 68. Like you do. You did.
You uploaded all our pictures.
Well, these were all photos which were already publicly on the internet, so I figured they'd already scooped them up, probably.
Bit disappointing they only made a 70% match with Garry Kasparov, to be honest, for his own photograph. But never mind. Anyway, these apps are often labelled as free.
And the funny thing is that when you actually run the apps, what you find is just about every feature inside the apps is one that has to be paid for.
Bit disappointing they only made a 70% match with Garry Kasparov, to be honest, for his own photograph. But never mind. Anyway, these apps are often labelled as free.
And the funny thing is that when you actually run the apps, what you find is just about every feature inside the apps is one that has to be paid for.
Oh, it's like in-app features are all the features.
Exactly. So if you actually want to experience the app, you need to make an in-app purchase or sign up for a subscription.
Now, I managed to find an app which didn't require me to do any payment, or at least I was able to do at least one run-through with your different images.
But there were other apps where it really tried to ensnare me and where they tried to ask for all kinds of personal information, like my name, my gender, my birthday, you know, scan your palm print for palm reading.
And then when you click the analyze button, then you are prompted to start a free trial.
Now, I managed to find an app which didn't require me to do any payment, or at least I was able to do at least one run-through with your different images.
But there were other apps where it really tried to ensnare me and where they tried to ask for all kinds of personal information, like my name, my gender, my birthday, you know, scan your palm print for palm reading.
And then when you click the analyze button, then you are prompted to start a free trial.
That is outrageous. So basically, you're putting in all your information. See, I'm— maybe it's because I work in this industry, so I hate apps that do that, right?
If I have an app and if it asks for any personal information, I kind of back away really quickly unless I have already researched that app to within an inch of its life.
If I have an app and if it asks for any personal information, I kind of back away really quickly unless I have already researched that app to within an inch of its life.
Me too. It makes me— and this sort of bait and switch of going so far and it's like, oh, I've uploaded the picture now.
'Now I want to see.' So I was doing one of these and it was scrolling images past me of George Clooney and Ronaldo and other hunks as though it were searching the database.
But it said, 'To reveal your match, you now need to sign up for the £7.99 weekly diamond membership subscription.' So what, you thought you actually were gonna look like Ronaldo?
'Now I want to see.' So I was doing one of these and it was scrolling images past me of George Clooney and Ronaldo and other hunks as though it were searching the database.
But it said, 'To reveal your match, you now need to sign up for the £7.99 weekly diamond membership subscription.' So what, you thought you actually were gonna look like Ronaldo?
That's what you were hoping for?
Well, that's— I don't think Ronaldo's a very good comparison, is it?
And just for £8.
If only, eh? Subscriptions. These can obviously be costly. Some of these free apps, or so-called free apps, charge up to $30 a month or $9 a week for—
Who is paying for that shit?
Well, incredibly, quite a lot of people, it seems.
Some of the top-grossing apps in the Apple App Store, according to researchers at Sophos, are doing exactly these kind of things and are making millions.
There is an app called Zodiac Master Plus, for instance, the 11th highest-grossing app.
And you have to jump through all kind of hoops, including buying a subscription to get anything. And although they will be promoted as free and they're promoted hard, by the way.
So there's advertising in TikTok, on YouTube, on Instagram.
And there are many complaints from people where they said, I saw the advert, I downloaded what was portrayed as a free app, and then they wanted all this information or they wanted me to subscribe and there was nothing which I could do, and some people— Yeah, you just delete it.
Well—
Some of the top-grossing apps in the Apple App Store, according to researchers at Sophos, are doing exactly these kind of things and are making millions.
There is an app called Zodiac Master Plus, for instance, the 11th highest-grossing app.
And you have to jump through all kind of hoops, including buying a subscription to get anything. And although they will be promoted as free and they're promoted hard, by the way.
So there's advertising in TikTok, on YouTube, on Instagram.
And there are many complaints from people where they said, I saw the advert, I downloaded what was portrayed as a free app, and then they wanted all this information or they wanted me to subscribe and there was nothing which I could do, and some people— Yeah, you just delete it.
Well—
Nothing they could do.
You could do that. But in some cases, what people are saying is that even deleting the app did not actually remove their subscription.
Really?
People imagine that deleting the app gets rid of the subscription, and it ain't necessarily so. You have to go into the Apple settings.
You have to go into your Android settings in the Google Play Store to actually properly unsubscribe from these things.
You have to go into your Android settings in the Google Play Store to actually properly unsubscribe from these things.
Yeah, but that's a classical trick when you just go to, let's say, to Amazon Prime Video and they offer you to watch movies and you can do a trial period and there are many, many options there from HBO to Smarts and many others.
And it's a trial period, a week, but then to unsubscribe, it's so difficult that you just stay there. You don't want to push all the buttons.
And it's a trial period, a week, but then to unsubscribe, it's so difficult that you just stay there. You don't want to push all the buttons.
Yeah, it's too complicated.
Exactly, unsubscribing is very complicated.
And I think many people may not spot the small print. When I was installing some of these apps, it was in small, light grey writing on a white background.
You have trouble with contrast, don't you?
I do have contrast issues. My eyesight is not perfect. And it actually said you had to cancel at least 24 hours before the payment was made.
So you may have a 3-day trial, and so you actually have less time than you imagine before you start ending up paying.
And people are leaving zero-star reviews, but these things are continuing to be really, really successful.
Over 100 million devices have installed what Sophos is calling fleeceware apps.
So you may have a 3-day trial, and so you actually have less time than you imagine before you start ending up paying.
And people are leaving zero-star reviews, but these things are continuing to be really, really successful.
Over 100 million devices have installed what Sophos is calling fleeceware apps.
So how come companies Apple, for example, with its little vetted policy, is not spotting these, do you think?
They're clearly not policing it well enough, are they? Now, some people are a bit suspicious because Apple makes 30% of the revenue which is generated in the first year.
I think after a first year, it goes down to 15%, but it's still a serious wad of cash.
I think after a first year, it goes down to 15%, but it's still a serious wad of cash.
But Carole, but it's not illegal. I mean, they can say, look, you have enough time just to unsubscribe technically. And if it's difficult, that's not our fault.
So just don't fall into this trap in the first place by subscribing or by doing the trial period.
But it's very hard for people, especially these days when we're all stuck at home in front of our computers. I mean, not to be tempted to do something which is called free trial.
So just don't fall into this trap in the first place by subscribing or by doing the trial period.
But it's very hard for people, especially these days when we're all stuck at home in front of our computers. I mean, not to be tempted to do something which is called free trial.
Yeah.
And when I was using one of these apps earlier today to compare your photographs and things—
Fuck you for that.
It pops up this subscription dialog, $7.99 a week or whatever it was. And all it needed was my thumbprint to carry on. I could have accidentally—
That's a data collection. Yeah, that's another story.
But not even that. But it makes the payment so easy.
Right?
Because it doesn't even feel money. So I'm imagining this kind of app is probably popular, probably now all time of days. But, you know, people have had a few drinks, right?
Or they're with their friends and they're, oh, let's play a game. Let's see what celebrity you look. You don't realize that you're on an ongoing subscription fee.
Or they're with their friends and they're, oh, let's play a game. Let's see what celebrity you look. You don't realize that you're on an ongoing subscription fee.
Well, they might not be with their friends at the moment, but they certainly could be drinking.
Sorry. They might be connecting online using Zoom and all its privacy issues.
That certainly is also a possibility. So our advice for people is always read the small print, especially if it's in a little gray font that's hard to see.
Any app which asks you for lots of information before it gives you the goods or asks you to pay, think really hard about whether you really want to give that information and acquaint yourself with how to unsubscribe from apps, either on your phone or on your Google account.
What we'll do is we will link in the show notes to a description of how you can do that, because I think a lot of people aren't aware of just how— and to first of all, check what subscriptions you may have and make sure that you cancel them.
And it's always better, I think, to try out apps before you sign up.
So don't hand over any of your payment card information until you're absolutely sure that this is an app which is bringing some value.
And a lot of these apps actually are things which can be done for free.
Any app which asks you for lots of information before it gives you the goods or asks you to pay, think really hard about whether you really want to give that information and acquaint yourself with how to unsubscribe from apps, either on your phone or on your Google account.
What we'll do is we will link in the show notes to a description of how you can do that, because I think a lot of people aren't aware of just how— and to first of all, check what subscriptions you may have and make sure that you cancel them.
And it's always better, I think, to try out apps before you sign up.
So don't hand over any of your payment card information until you're absolutely sure that this is an app which is bringing some value.
And a lot of these apps actually are things which can be done for free.
But just to add a few words about computer literacy. About 6 months ago, I think in October, I had an event in London. I was a guest and spoke at a computer fair with Avast CEO.
And it was all about cybersecurity, about privacy.
And just out of my curiosity, I asked the audience, about 250 people, and it's not just ordinary people from the street, so that's the audience that attended the tech exhibition, how many people can find in their Google menu the button to forget?
And it was all about cybersecurity, about privacy.
And just out of my curiosity, I asked the audience, about 250 people, and it's not just ordinary people from the street, so that's the audience that attended the tech exhibition, how many people can find in their Google menu the button to forget?
Yeah.
How many hands? About 250 people in the room. 3 hands.
Yeah.
Just tells you everything about the attention people are paying to these details and the level of complacency. It's just phenomenal.
I guess most people are just thinking, well, I'll just Google it. You know, I don't have to remember anything anymore. I'll find it that way.
Maybe.
So Garry, what do you want to talk to us about this week?
There are many stories, but I picked up one. It's, I found it on Voice of America. It's a global move to telecommute work increases security risks.
People used to work online from their offices.
And it's a very different level of security because companies have spent decades building up enterprise security, administrators, tech support, consultants, layers of security, red teams, blue teams, you name it.
Encrypted phones, secure computers, and suddenly nobody's in the office. Yeah, I would call it the instant Hillary effect, as everyone has a home server.
Yeah, and it is as if you build a huge castle with thick stone walls and a moat to protect your people from the barbarian hordes, but suddenly you have to move everyone out of the castle into the fields.
The barbarians were at the gates before, but now there are not any gates.
And you don't have to be a rocket scientist to understand that very few people have a secure laptop to take home from the office or encrypted phone.
People used to work online from their offices.
And it's a very different level of security because companies have spent decades building up enterprise security, administrators, tech support, consultants, layers of security, red teams, blue teams, you name it.
Encrypted phones, secure computers, and suddenly nobody's in the office. Yeah, I would call it the instant Hillary effect, as everyone has a home server.
Yeah, and it is as if you build a huge castle with thick stone walls and a moat to protect your people from the barbarian hordes, but suddenly you have to move everyone out of the castle into the fields.
The barbarians were at the gates before, but now there are not any gates.
And you don't have to be a rocket scientist to understand that very few people have a secure laptop to take home from the office or encrypted phone.
Yeah.
So even companies and agencies with the ability, they are overextended now and scrambling and leaving this a lot of holes.
So, and every link in home security is going to be weaker than in the office.
So, and every link in home security is going to be weaker than in the office.
How many people do you think, Garry, are actually having to use their own devices, their own computers to access the network?
I think now it's almost everybody.
Yeah.
You know, the problem is it's not just technology, but it's about habits.
So because people are used to a certain level of security, that's why they pay very little or no attention to the potential threats.
And the bad state actors are eyeing government employees and corporate espionage.
It's absolutely perfect because people are getting a lot of new information being sent, new links, new protocols every day. So that's easy. And good security isn't just tech.
It's, as I said, it's a lot of good habits and protocols. And those are all disrupted now. So even school kids are being switched around from one platform to another.
So because people are used to a certain level of security, that's why they pay very little or no attention to the potential threats.
And the bad state actors are eyeing government employees and corporate espionage.
It's absolutely perfect because people are getting a lot of new information being sent, new links, new protocols every day. So that's easy. And good security isn't just tech.
It's, as I said, it's a lot of good habits and protocols. And those are all disrupted now. So even school kids are being switched around from one platform to another.
Yeah.
I mean, that all happened with the whole Zoom fiasco over the last few weeks with everyone kind of spiking towards using it and they not keeping up with security even though the checks weren't there, but everyone was in a panic.
So no one was really looking at the fine print.
I mean, that all happened with the whole Zoom fiasco over the last few weeks with everyone kind of spiking towards using it and they not keeping up with security even though the checks weren't there, but everyone was in a panic.
So no one was really looking at the fine print.
This is what we know, that cyber vulnerabilities are compounded by the general sense of newness and uncertainty.
And there's so much uncertainty now, and it's all new, and people don't know how to navigate in this new environment.
In that environment, it's even harder than usual to be cautious, to detect a phishing attempt.
And there's so much uncertainty now, and it's all new, and people don't know how to navigate in this new environment.
In that environment, it's even harder than usual to be cautious, to detect a phishing attempt.
And I guess if you were someone who regularly worked outside of the office, if you were on the road or if you were working from home, you maybe have been given a computer laptop by your business.
It may be that you're a little bit more used to that, but now we have this larger community of people who never had any reason for working from home and they've had to relocate and they are experiencing this.
Chances are they haven't been given a laptop at the beginning of being isolated at home.
And so they're just making do with whatever they have, which might be running really old versions of the operating system, may already be infected with things.
Today, on the day we're recording this, it's the first Patch Tuesday since we all started staying at home. So Microsoft is pushing out operating system patches.
And I wonder how many people will be applying those at home and how people will be coping with that, because that's something which used to be done in your workplace by the IT department, and maybe they don't have oversight on your computer any longer.
It may be that you're a little bit more used to that, but now we have this larger community of people who never had any reason for working from home and they've had to relocate and they are experiencing this.
Chances are they haven't been given a laptop at the beginning of being isolated at home.
And so they're just making do with whatever they have, which might be running really old versions of the operating system, may already be infected with things.
Today, on the day we're recording this, it's the first Patch Tuesday since we all started staying at home. So Microsoft is pushing out operating system patches.
And I wonder how many people will be applying those at home and how people will be coping with that, because that's something which used to be done in your workplace by the IT department, and maybe they don't have oversight on your computer any longer.
Yeah, the story I mentioned talks about threats to journalists.
Yeah, it's because countries like Russia, Iran, Turkey, China all have a long record of targeting journalists this way. But now it's a perfect moment.
Yeah, it's because countries like Russia, Iran, Turkey, China all have a long record of targeting journalists this way. But now it's a perfect moment.
Yeah, that is a really good point, Garry.
But also there was another story earlier that I think two or three weeks ago, story broke about a very sophisticated replica of the World Health Organization website.
Right.
And they use this web portal, okay, a hoax, a fake web portal for phishing.
So what the scammers were trying to get credentials to break into the official system and imagine the havoc they could cause and the potential value of knowing about treatments or anything else.
So what the scammers were trying to get credentials to break into the official system and imagine the havoc they could cause and the potential value of knowing about treatments or anything else.
Yeah, and that's not regular cybercriminals, is it, who would be interested, I would imagine, in doing that?
You expect some foul play from a sort of state-sponsored attack attacking someone like you?
You expect some foul play from a sort of state-sponsored attack attacking someone like you?
Yeah, of course, state-sponsored attacks, they're deadliest.
But even smart hackers, they understand that there's so many new opportunities now because the crowd is in the open field.
And again, people used to be protected by the thick and tall walls. And now they're on their own and they don't even see the threat coming.
I spoke to people in Avast and they recorded several attacks on hospitals in Czech Republic and Slovakia.
Again, same story is collecting data and it's very difficult for people to understand that the threat is coming.
So because they're looking for help anywhere now, people are desperate and that's an ideal moment to send a message saying, oh, here you can get help you need, please give me your data.
But even smart hackers, they understand that there's so many new opportunities now because the crowd is in the open field.
And again, people used to be protected by the thick and tall walls. And now they're on their own and they don't even see the threat coming.
I spoke to people in Avast and they recorded several attacks on hospitals in Czech Republic and Slovakia.
Again, same story is collecting data and it's very difficult for people to understand that the threat is coming.
So because they're looking for help anywhere now, people are desperate and that's an ideal moment to send a message saying, oh, here you can get help you need, please give me your data.
Yeah.
And it's almost like the first time in the entire history of the world where everyone is paying attention to the same thing at the same time. So we're all interested in this.
So there's a really wide net to ensnare people into phishing ploys and other nasties online.
So there's a really wide net to ensnare people into phishing ploys and other nasties online.
Yeah, there are certainly lots of coronavirus scams and phishing attacks and extortion attempts which are going on at the moment.
So it's something people really need to be careful about. And obviously we're all obsessed by the news at the moment. Well, I am.
I don't know, some people just want to put their head in the sand, don't they? Oh, well, I can understand that. Maybe for your own mental health.
So it's something people really need to be careful about. And obviously we're all obsessed by the news at the moment. Well, I am.
I don't know, some people just want to put their head in the sand, don't they? Oh, well, I can understand that. Maybe for your own mental health.
I'm not at my Pick of the Week yet. I'm not jumping my story, but just, you know, I've done one for the COVID addicts and the ones who need to get away. I've done two.
Okay. Alright. Thank you so much, Garry. Carole, what have you got for us this week?
Well, first, Garry, do you do any online gaming?
It's called chess.
Never heard of it. Yes, of course it is.
Oh yeah, I forgot. Of course. Of course you understand gaming. But I wanted a story that involved gaming. And politics and censorship.
So the Nintendo Switch, this is a hot ticket item in our PC world. I don't know if they have any chess games on the Nintendo Switch.
So the Nintendo Switch, this is a hot ticket item in our PC world. I don't know if they have any chess games on the Nintendo Switch.
They certainly do. Do they?
Listen to me.
I don't know. Probably chess is everywhere. And I guess Nintendo should have all sorts of versions of chess, like Japanese chess, shogi, and maybe Thai chess.
So there are many versions played in the world.
So there are many versions played in the world.
Yeah, I'm only a beginner in this world of chess. But you won't be able to get a Switch anytime soon, Garry, because they've run out of consoles.
And they're actually posting online saying this is when they'll be available.
And they're actually posting online saying this is when they'll be available.
Ah.
I really wanted to talk about one of the last entrants to the Nintendo Switch franchise of games. And that is the Animal Crossing game New Horizons.
Aha.
This came out less than a month ago, and already it's taken the gaming world by storm. Loads of people are playing it, even Graham, I think you're playing it at the moment.
I am. My son got, my wife actually is the real Animal Crossing fan, but she has now infected my son and—
That's not words we use right now, Cluley.
No, probably not. Okay. But she influenced him. But he insisted that I also create a character for his island.
So I am having to log in every day and I don't know, pick flowers or something. It's absolutely, it's run by this Thom Nook, David Koresh-like figure.
So I am having to log in every day and I don't know, pick flowers or something. It's absolutely, it's run by this Thom Nook, David Koresh-like figure.
It's like a cult.
Okay. But, but, but, but, but, okay. This is unlike most games. Okay.
Because most games, as far as I'm concerned, you're killing people, you're racing cars, you're engaged in combat of some sort.
Because most games, as far as I'm concerned, you're killing people, you're racing cars, you're engaged in combat of some sort.
Yeah.
And this is more of a, you're kind of on an alternate reality platform and you're managing your island resources, your residents, your products.
And you're basically trying to grow this virtual island economy.
And you're basically trying to grow this virtual island economy.
It's like a paradise in a way, isn't it? Apart from the fact that you're camping. Other than that, it is rather nirvana-like, yes.
Now, so basically you can sell fish and you can, you know, fish. How do you say that? Go fishing.
You can go fishing and then you can sell your fish at the market and you can collect bugs for a museum and all this kind of stuff.
Most people find this very charming, but not everyone does. PETA Kids put out a guide for vegans with an FAQ that said, is fishing in Animal Crossing vegan?
And their FAQ answer is, this is a biggie. You shouldn't fish in real life, so you shouldn't do it in the game either.
You can go fishing and then you can sell your fish at the market and you can collect bugs for a museum and all this kind of stuff.
Most people find this very charming, but not everyone does. PETA Kids put out a guide for vegans with an FAQ that said, is fishing in Animal Crossing vegan?
And their FAQ answer is, this is a biggie. You shouldn't fish in real life, so you shouldn't do it in the game either.
Oh, well, that's going to limit you in the game somewhat, isn't it? I mean, right? Well, the fish don't—
They're not real fish.
Okay, they're not real fish, but the fish don't die in the game, do they? They're just sort of—
Graham, do you play shoot 'em up games? Does that mean you do it in real life?
No, I suppose not. No, I don't.
Garry plays chess. He kills the queen, right? Doesn't do that in real life. He's not after Liz.
Look, I think a lot of people now, they're just losing their sense of identifying what's real and what's not.
Yes.
That's why I think, you know, especially these days when you spend so many hours in front of the screen, so I think we're tempted to take everything that's happening on the screen for real.
Watch how real this gets, Garry. It's crazy.
So they don't like people fishing. So PETA are against Animal Crossing for that reason.
The Reddit community thought it was a link to an Onion article. I think that says it all.
They didn't complain about the fact that many of the animal characters in the game are there living in houses, wearing clothes from brands. Yeah, getting a pretty nice life. Right.
Well, you shouldn't really dress up animals either, should you? I mean, I think—
Well, you shouldn't really dress up animals either, should you? I mean, I think—
Why, what about George Orwell's Animal Farm?
Yeah. Oh yes, Animal Farm, yes. Yes.
Exactly. Interesting connection there. I'm gonna have to think about that one.
Yeah, I'm a Russian, so it's the most natural connection I can make.
So the thing is, is this game is not just an offline game, although you can totally play offline and have a great old time. You also can get an online Nintendo subscription.
And with this new version of Animal Crossing, you can download this NookLink app on your iPhone or Android phone. All right.
And with this new version of Animal Crossing, you can download this NookLink app on your iPhone or Android phone. All right.
Yeah. Okay. Yeah, yeah.
So the combination of these two services with the game, once registered, lets you do all kinds of creative, unique stuff, right?
So I could cover my island with pictures of Garry Kasparov, right, on my island, and people come visit and I call it Garry Kasparov Island. I could do that.
So I could cover my island with pictures of Garry Kasparov, right, on my island, and people come visit and I call it Garry Kasparov Island. I could do that.
Or Brad Pitt, perhaps.
Or Brad Pitt.
No one would know the difference.
Close match, close match.
Yes, it's like 77%.
And then you could come to Henry Kissinger Island, come and visit me.
No. But this app on the phone also lets you communicate with players while you're playing. So you have voice chat, text message, all that stuff going on.
Right.
So now that we have this, if you imagine right now we're all in this lockdown, people can't attend weddings, birthdays, graduations, etc.
Yeah, yeah.
Office openings. Things, they're doing it all on Animal Crossing. So there's this digital world. And because you can do this kind of, can I say this word, unicifying?
The answer is no, you can't say that word.
Making your island very unique, or just unique, I suppose is correct.
You know, you can show off, you can say, "Yeah, yeah, I got that pattern," or "Yeah, I got this really cool" or "I got this Smashing Security t-shirt." So why is this interesting?
Let's go to China, because this is not just being used for friends and family to connect, but people realise that maybe they can get a political message out using Animal Crossing.
Now I should say first that Animal Crossing isn't officially available in China and hasn't been officially available in China, but this has not stopped tons of Chinese gamers playing the game by getting it in what they call the grey market.
And this involves platforms like Pinduoduo and the eBay equivalent, Taobao, that's from Alibaba.
So these are just basically just places where you can buy not officially sanctioned, approved gaming apps.
And the reason they're all interested in this is Tencent Nintendo, we made a deal. So the Switch is now an approved console and available in China.
So everyone has these consoles, they want to play the latest games, and they're going to the grey market to get them if they're not officially available.
You know, you can show off, you can say, "Yeah, yeah, I got that pattern," or "Yeah, I got this really cool" or "I got this Smashing Security t-shirt." So why is this interesting?
Let's go to China, because this is not just being used for friends and family to connect, but people realise that maybe they can get a political message out using Animal Crossing.
Now I should say first that Animal Crossing isn't officially available in China and hasn't been officially available in China, but this has not stopped tons of Chinese gamers playing the game by getting it in what they call the grey market.
And this involves platforms like Pinduoduo and the eBay equivalent, Taobao, that's from Alibaba.
So these are just basically just places where you can buy not officially sanctioned, approved gaming apps.
And the reason they're all interested in this is Tencent Nintendo, we made a deal. So the Switch is now an approved console and available in China.
So everyone has these consoles, they want to play the latest games, and they're going to the grey market to get them if they're not officially available.
So why aren't these games available?
Because China likes to review all games, and it's not a tiny, tiny game.
It's got a lot of connectivity power, and it wants to check everything out and make sure it's right for its market.
It's got a lot of connectivity power, and it wants to check everything out and make sure it's right for its market.
Did you say right for the market or right for people?
Correct.
Yeah.
Or right for the government.
Yeah, exactly. Absolutely. The top priority in non-democratic countries is not the interest of the market or just, you know, interest of the customers.
It's more about, you know, the images and the ideas that the customers can receive from playing these games.
It's more about, you know, the images and the ideas that the customers can receive from playing these games.
Because of course, these regimes want to know what people are saying on social networks to each other. They want to keep close track on that.
And I imagine you can obviously have a conversation, you can have a date inside video games as well.
And I imagine you can obviously have a conversation, you can have a date inside video games as well.
I guess they just can't parse the logs of the game yet to be able to see who's saying what.
However, last week, this is where it all comes to a head a little bit, because last week, a young Hong Kong democratic activist, Joshua Wong, took his protest to Animal Crossing.
And because you can upload images and then create clothing or household items and whatever else on the island, he decided to do that and create a banner that says, "Free Hong Kong, revolution now," and then posted a screenshot of this image on Twitter.
However, last week, this is where it all comes to a head a little bit, because last week, a young Hong Kong democratic activist, Joshua Wong, took his protest to Animal Crossing.
And because you can upload images and then create clothing or household items and whatever else on the island, he decided to do that and create a banner that says, "Free Hong Kong, revolution now," and then posted a screenshot of this image on Twitter.
Right.
And Reuters reported that since he posted this Twitter post, you can't find Animal Crossing on the grey market anymore.
Well, you can on Alibaba's Taobao, but it's difficult because some vendors are trying to circumvent the crackdown by directing potential buyers towards a listing that sell the game without using the title in the description.
So it's basically, it's not there. You can't see it unless you go really digging.
Well, you can on Alibaba's Taobao, but it's difficult because some vendors are trying to circumvent the crackdown by directing potential buyers towards a listing that sell the game without using the title in the description.
So it's basically, it's not there. You can't see it unless you go really digging.
So you won't see the game advertised as Animal Crossing, but you might be told "game on islands where you can catch fish if you want to, and collect bugs."
Look, as someone who grew up in the Soviet Union, so I know how authorities in the totalitarian countries, how they're concerned about any metaphor. Because they don't know.
It's something that cannot be put in a box and they cannot classify it. So they'd rather have it removed and erased. That's a normal reaction of any censor.
It's something that cannot be put in a box and they cannot classify it. So they'd rather have it removed and erased. That's a normal reaction of any censor.
I'm surprised though, they didn't kind of maybe ban Joshua Wong from the game if they didn't like what he was saying.
And he certainly, I mean, he put pictures of his island showing portraits of Chinese presidents.
President Xi Jinping and the World Health Organization head Tedros Adhanom at a funeral simulation with a sign saying Wuhan pneumonia.
He's trying to do some, you know, some shaky shaky to get attention.
And he certainly, I mean, he put pictures of his island showing portraits of Chinese presidents.
President Xi Jinping and the World Health Organization head Tedros Adhanom at a funeral simulation with a sign saying Wuhan pneumonia.
He's trying to do some, you know, some shaky shaky to get attention.
It reminds me a little bit of when China's internet censors had a bit of a go targeting Winnie the Pooh and TikTok. Remember this?
Yeah, because there was a comparison made between President Xi and Winnie the Pooh, and I think Obama was Tigger.
Something as harmless as Winnie the Pooh upsets a country that great. Amazing.
Yeah, because there was a comparison made between President Xi and Winnie the Pooh, and I think Obama was Tigger.
Something as harmless as Winnie the Pooh upsets a country that great. Amazing.
But it's interesting to me that we have these political causes and then you have a game that's effectively, you know, viral quote unquote success.
You know, it's spread really quick. Everyone's playing Animal Crossing. You have the pandemic, which has everyone locked inside.
And then you have someone that has managed to use both those talking points to try and get attention from the media, including me covering it today.
You know, it's spread really quick. Everyone's playing Animal Crossing. You have the pandemic, which has everyone locked inside.
And then you have someone that has managed to use both those talking points to try and get attention from the media, including me covering it today.
So the Streisand effect is in Animal Crossing. There you go.
But so I want to say that this doesn't mean that anyone should avoid Animal Crossing. I hated it at first. I found it very stressful.
But I think if you need, you know, I've learned how to chill with the game. And I think it's really good for both young kids and adults alike. I can see its benefits.
And you can play offline. You don't have to go online.
But I think if you need, you know, I've learned how to chill with the game. And I think it's really good for both young kids and adults alike. I can see its benefits.
And you can play offline. You don't have to go online.
Carole, send me your friend code. I'll come visit your island. I will.
I will. I will. We'll do that. Well, I was thinking actually, Graham, I think maybe we should do an Animal Crossing Smashing Security. No idea.
Well, invite everyone to our island.
Invite everyone to our island. Because you know what? When people come and visit your island, they give you a present. And then that present, you can go to the store.
Yeah, because they say, thank you for inviting us to your island.
Yeah, because they say, thank you for inviting us to your island.
Oh, that's nice. You could get loaded with bells. I look forward to that. That's fantastic.
Hey, Graham.
Yes.
So I've got a problem.
Yes.
I use a cloud service, I put all my files and data up there, and I'm kind of nervous about prying eyes looking at it. Any advice?
Yeah, you've got to encrypt it. So what I would recommend is use a piece of software like Boxcryptor.
It's what I run on my computer, and any file before it gets uploaded to those cloud services gets encrypted with my own keys, which I control.
So the cloud service itself can't see the contents of the files which I'm putting on the cloud drive. It's all encrypted.
It's what I run on my computer, and any file before it gets uploaded to those cloud services gets encrypted with my own keys, which I control.
So the cloud service itself can't see the contents of the files which I'm putting on the cloud drive. It's all encrypted.
Cool. I'll check it out.
Well, now's a great time to do it because they're offering a fantastic 40% discount to listeners of the Smashing Security podcast.
If you want a Boxcryptor personal license for private use or a Boxcryptor business account, perfect for the self-employed, go to smashingsecurity.com/boxcryptor.
If you want a Boxcryptor personal license for private use or a Boxcryptor business account, perfect for the self-employed, go to smashingsecurity.com/boxcryptor.
I'm on the show.
And welcome back. And you join us on our favorite part of the show, the part of the show that we like to call Pick of the Week.
Pick of the Week.
Pick of the Week.
Excellent. Pick of the Week is the part of the show where everyone chooses something they like.
Could be a funny story, a book that they've read, a TV show, a movie, a record, a podcast, a website, or an app. Whatever they wish. Doesn't have to be security related. Necessarily.
Could be a funny story, a book that they've read, a TV show, a movie, a record, a podcast, a website, or an app. Whatever they wish. Doesn't have to be security related. Necessarily.
Should not be.
And my pick of the week this week is not security related.
I thought we all needed a bit of a cheer up, so I found an amusing story in the newspaper all about— I don't— do you guys like surprises?
I'm not a big fan of surprise parties and things like that.
I thought we all needed a bit of a cheer up, so I found an amusing story in the newspaper all about— I don't— do you guys like surprises?
I'm not a big fan of surprise parties and things like that.
Or what, people? Don't worry about that anymore, dude.
I'm not that keen on people either. But I read about this chap, this 64-year-old guy who was retiring from his job working for the French Air Force.
He wasn't actually a pilot himself, but he was working inside the Ministry of Defense over there.
And it was his retirement day, and his colleagues decided that they would organize a surprise for him.
And the surprise which they organized for him from an airbase in eastern France was to have a flight in a £65 million fighter jet.
With him in the back, and obviously a trained pilot in the front.
He wasn't actually a pilot himself, but he was working inside the Ministry of Defense over there.
And it was his retirement day, and his colleagues decided that they would organize a surprise for him.
And the surprise which they organized for him from an airbase in eastern France was to have a flight in a £65 million fighter jet.
With him in the back, and obviously a trained pilot in the front.
Okay.
And so they took him to this— they didn't give him any warning. They just took him to this place and said, "Oh, we've got a surprise for you. See this plane?
You're getting in it, mate." And they attached a camera to the top of his helmet. And they quickly sort of got him into the uniform.
They'd asked for permission from the Ministry of Defence. And they put him into the back of the plane. And I think he was a little bit apprehensive.
But you know how you feel when people organize something for you? Feel kind of like, I've got to go along with this. Bit like when Miko Hypponen had his ponytail cut off on stage.
You kind of feel you're going to ruin everything if you don't go along with it.
Similarly, when I played chess with Garry Kasparov at a simultaneous, I thought, I could beat Garry, but maybe this time I won't.
I'll just— it'll look bad, you know, so I'll let him win on this occasion, right?
You're getting in it, mate." And they attached a camera to the top of his helmet. And they quickly sort of got him into the uniform.
They'd asked for permission from the Ministry of Defence. And they put him into the back of the plane. And I think he was a little bit apprehensive.
But you know how you feel when people organize something for you? Feel kind of like, I've got to go along with this. Bit like when Miko Hypponen had his ponytail cut off on stage.
You kind of feel you're going to ruin everything if you don't go along with it.
Similarly, when I played chess with Garry Kasparov at a simultaneous, I thought, I could beat Garry, but maybe this time I won't.
I'll just— it'll look bad, you know, so I'll let him win on this occasion, right?
Ignore him, Garry.
I'm grateful.
Yeah, he is ungrateful.
So this chap's name hasn't been released to spare his blushes, but he was gifted this flight, this incredible fighter jet.
And the fighter jet took off, and normally a plane ascends at about 10 or 15 degrees into the air.
This one was going off at about 45 degrees into the air, and within 10 or 20 seconds, this guy, because of the G-force and being thrown around because he hadn't been quite strapped in properly enough, he realized he needed to steady himself.
And so he grabbed hold of something and pulled, and it was the ejector seat.
And he was flung out of this plane into his parachute, was left dangling in mid-air on his last day at work.
Normally, when the ejector seat goes off in this particular plane, it also includes the pilot's seat as well. But it didn't happen on this occasion. I'm laughing here.
Apparently his helmet was ripped off, his anti-G trousers weren't fastened properly.
And the fighter jet took off, and normally a plane ascends at about 10 or 15 degrees into the air.
This one was going off at about 45 degrees into the air, and within 10 or 20 seconds, this guy, because of the G-force and being thrown around because he hadn't been quite strapped in properly enough, he realized he needed to steady himself.
And so he grabbed hold of something and pulled, and it was the ejector seat.
And he was flung out of this plane into his parachute, was left dangling in mid-air on his last day at work.
Normally, when the ejector seat goes off in this particular plane, it also includes the pilot's seat as well. But it didn't happen on this occasion. I'm laughing here.
Apparently his helmet was ripped off, his anti-G trousers weren't fastened properly.
You're basically saying read this article.
Well, no, it's just to tell people don't organise surprises for people because they may not want them.
Now, thankfully, this 1,200 miles per hour jet managed to land safely, and the passenger who had been ejected, he fell into a nearby field and he is safe, just minor injuries, and he's safe.
But if it had happened at sea or somewhere else, it could have been much, much worse. And I just imagined the people in his office who arranged this. This will be fun for Bob.
Let's do this. They must have seen this scene of this guy being ejected.
Now, thankfully, this 1,200 miles per hour jet managed to land safely, and the passenger who had been ejected, he fell into a nearby field and he is safe, just minor injuries, and he's safe.
But if it had happened at sea or somewhere else, it could have been much, much worse. And I just imagined the people in his office who arranged this. This will be fun for Bob.
Let's do this. They must have seen this scene of this guy being ejected.
It was definitely fun.
I know, but Bob could just learn how to say no thanks, dudes.
Non merci. Well, yeah. But sometimes, Carole, social pressure makes you do things you don't want to do, doesn't it?
There's not a lot of that right now. No, don't worry about it.
Well, this incident took place last year, but it's all coming out now in the official French MOD's report, which I have linked to in the show notes, where you can hear more about everything which happened.
But obviously a happy ending, otherwise I wouldn't have told this story. But extraordinary. And don't organise surprises for people. And that is why it was my pick of the week.
But obviously a happy ending, otherwise I wouldn't have told this story. But extraordinary. And don't organise surprises for people. And that is why it was my pick of the week.
I'll never organise a surprise for you ever again.
Thank you, Carole. Not even on your Animal Crossing island? Garry, what is your pick of the week?
My pick of the week: people burning down cell towers thinking they cause or worsen coronavirus. And unless I'm wrong, there were 3 arsons in England recently.
Yeah, 20 towers have been damaged.
Celebrities posting on social media about 5G being dangerous. It's just what I can say.
Disasters always bring this out in people, a tendency towards superstition and conspiracy theories.
Disasters always bring this out in people, a tendency towards superstition and conspiracy theories.
Yeah.
As with the 9/11 truthers, probably the first modern example of global conspiracy theory online. So now there's a new one every week.
And this behavior is for me, it's like going back to medieval times. It's like burning witches. Or throwing virgins into a volcano.
Yeah, by the way, Krakatoa just erupted, but finding virgins may be harder these days.
And this behavior is for me, it's like going back to medieval times. It's like burning witches. Or throwing virgins into a volcano.
Yeah, by the way, Krakatoa just erupted, but finding virgins may be harder these days.
I think in the old days, volcanoes weren't that easy to find. I don't know where you were living, Garry, but it wasn't happening that much.
Yeah, but it's amazing. It's just, you know, we have so much anti-science thinking that is so prevalent these days.
On the right, you have so many people who do not believe in climate change. On the left, you have people thinking that humans are the real virus.
And by the way, both sides have plenty of people who insist that vaccines are dangerous. This is what can happen without one vaccine.
On the right, you have so many people who do not believe in climate change. On the left, you have people thinking that humans are the real virus.
And by the way, both sides have plenty of people who insist that vaccines are dangerous. This is what can happen without one vaccine.
Do you think that's going to carry on being the case, people, the anti-vaxxers, considering we're currently all hanging out for a vaccine, or will people be reluctant to take the coronavirus vaccine when eventually it's developed?
Thinking it's going to be something nasty.
Thinking it's going to be something nasty.
I'm afraid that the conspiracy theories will not die.
Even today in America, in the midst of this pandemic, you have a lot of people saying, oh, it's just, you know, it's like an ordinary flu or, you know, it's— the fact is that conspiracy theories, they sound more attractive.
Even today in America, in the midst of this pandemic, you have a lot of people saying, oh, it's just, you know, it's like an ordinary flu or, you know, it's— the fact is that conspiracy theories, they sound more attractive.
It's not just that. It's just you don't know what to believe, right? People don't know what news sources are reliable. They don't trust the big media houses. They trust their friends.
And in America, you have, you know, now the truth is no longer being universal. You have, you know, the stories, you know, for red states and blue states.
So when the country is so divided, and it's not just America, I believe it's going across Europe, so it's so easy to sell fake news.
And that's why I'm not sure that even at the end of this crisis, pandemic crisis, so we'll have vaccination all over the place.
No, that's very clear that, you know, it's this, the vaccines, you know, it could save lives, but there'll be a lot of people saying the opposite.
So when the country is so divided, and it's not just America, I believe it's going across Europe, so it's so easy to sell fake news.
And that's why I'm not sure that even at the end of this crisis, pandemic crisis, so we'll have vaccination all over the place.
No, that's very clear that, you know, it's this, the vaccines, you know, it could save lives, but there'll be a lot of people saying the opposite.
Yes.
That's not sorry, my story doesn't have the same, you know, happy ending as yours.
Don't worry, I go last and mine's got a good ending.
You had volcanoes and virgins. I mean, who's to complain about that? Carole, what's your pick of the week?
Jesus, this show. So I have two things, right? Some of us need to get away from the virus, some of us need our daily fix, so I've got something for both of you.
Okay, first the daily fixers, the guys that need to read about it and want to have a different point of view.
So I have a friend based in Boston and she, among many things that she does, is an artist and she is currently creating an illustrative series on her day-to-day experiences since early March.
She returned from holiday to this whole new world.
And she has a young family, and the whole thing is drawn so fiercely and with feeling, and I just love it, and I wanted to share it with everybody.
So the artist is Maria Fotounakis. Her work is called Extraordinary Times: A COVID-19 Visual Journal, and the name is perfect because I think her work is extraordinary.
So you can find it on Webtoons, and I will put a link on the Smashing Security website.
Okay, first the daily fixers, the guys that need to read about it and want to have a different point of view.
So I have a friend based in Boston and she, among many things that she does, is an artist and she is currently creating an illustrative series on her day-to-day experiences since early March.
She returned from holiday to this whole new world.
And she has a young family, and the whole thing is drawn so fiercely and with feeling, and I just love it, and I wanted to share it with everybody.
So the artist is Maria Fotounakis. Her work is called Extraordinary Times: A COVID-19 Visual Journal, and the name is perfect because I think her work is extraordinary.
So you can find it on Webtoons, and I will put a link on the Smashing Security website.
I've had a chance to check this out already, and it is really... It is very good, I have to say. Really good stuff.
It is, it's beautiful.
Now, for those of you that need something entirely unrelated to what is going on, may I suggest reading the long Sunday article in New York Times called "The Weirdly Enduring Appeal of Weird Al Yankovic." Now, do you know him, Graham?
Now, for those of you that need something entirely unrelated to what is going on, may I suggest reading the long Sunday article in New York Times called "The Weirdly Enduring Appeal of Weird Al Yankovic." Now, do you know him, Graham?
Weird Al Yankovic, he is an American, well, not a sort of satirical pop star. He does sort of spoof songs, doesn't he? Has been doing it for decades.
40 years he's been doing it. Do you know him, Garry, or no?
No.
He's a genius, man. He's a genius. Let me tell you some of his songs, right?
Is he a genius?
Yeah.
He's a genius.
He's a genius, okay? The song "She Drives Me Crazy," he reworked into "She Drives Like Crazy." Yeah, smart.
That's not genius, Carole.
Okay, look, I'm talking to the chess champion, not you. "Addicted to Love," he turned into "Addicted to Spuds." You see? Brilliant.
Brilliant.
And "I Think We're Alone Now." "I Think I'm a Clone Now." Very, very apt for today's technology world, right?
Are we at all worried that society is dumbing down, Carole?
Look, it is a genius, genius piece.
I loved it.
And you don't even have to read it, for those who don't like to read, because The Daily gave it— put it on their podcast on Sunday so you can hear it read to you.
And it's, I listened— I read it and then I listened to it because I love Weird Al, and I remember all lyrics because I was about 12.
And it's, I listened— I read it and then I listened to it because I love Weird Al, and I remember all lyrics because I was about 12.
Does the audio version have excerpts from his songs as well?
Don't worry, I'm going to play an excerpt on this show. I'm going to break copyright and play an excerpt.
If you break copyright, just be aware, you know, they can just remove the show from—
Okay, okay. Well, Weird Al, maybe you'll give me permission.
Okay, it's all right for Weird Al to rip off everybody's song but not for you to rip off his song?
Yeah, I'll change some of the words in the song. Anyway, so those are my picks, picks of the week.
Marvelous. Well, on that uplifting but not necessarily that artistic note, that just about wraps it up.
Garry Kasparov, I'm sure lots of our listeners would love to follow you online. Thank you so much for joining us on the show.
Garry Kasparov, I'm sure lots of our listeners would love to follow you online. Thank you so much for joining us on the show.
Thanks for inviting me, Sir Wenders. Let's hope that, you know, we'll at one point, we can, you know, we can have this recording come to life.
Yes, that would be fantastic. Fantastic. In the meantime, what's the best way for people to find out more about you or to follow you online?
I have kasparov.com, my website, but Twitter is Kasparov63, and I'm all the time on Twitter. And of course I'm on Facebook as well.
Good man. Well, you can also follow us on Twitter @SmashingSecurity, no G. Twitter won't allow us to have a G.
And we also have an active community on Reddit on the Smashing Security subreddit. And if you want to leave us a little voicemail, you can do that as well.
Go to smashingsecurity.com/voicemail.
And we also have an active community on Reddit on the Smashing Security subreddit. And if you want to leave us a little voicemail, you can do that as well.
Go to smashingsecurity.com/voicemail.
A drizzillion thank yous for listening to us. You are keeping Smashing Security alive by listening to us each week, literally.
Also, a huge thank you to this week's Smashing Security sponsor, Boxcryptor. Its support helps us give you this show for free.
Check out smashingsecurity.com for past episodes, sponsorship details, and information on how to get in touch with us.
Also, a huge thank you to this week's Smashing Security sponsor, Boxcryptor. Its support helps us give you this show for free.
Check out smashingsecurity.com for past episodes, sponsorship details, and information on how to get in touch with us.
Until next time, cheerio, bye-bye.
Thank you.
Stay safe.
Thank you very much, Garry.
Thank you.
We really appreciate it. We will send you a link when the episode goes live.
Yes, he wants to go.
I know he wants to go.
Goodbye, Garry.
Yes, yes.
It turns out that it’s all too easy for people to be duped into starting free trials of an app, not realising they will be automatically converted into a paid subcription.
Such apps are often labelled as free, but just about every feature has to be paid for… so if you want to actually experience the app you need to make an in-app purchase or sign-up for a subscription. However, if the apps cannot perform their most basic core function without requiring a user to sign up for a subscription – how can that be considered free?
In some examples, subscriptions could end up costing users hundreds or even thousands of dollars per year.
In an update posted yesterday, Google announced new rules for Android app developers wishing to have their app distributed in the Google Play store:
You, as a developer, must not mislead users about any subscription services or content you offer within your app. It is critical to communicate clearly in any in-app promotions or splash screens.
In your app: You must be transparent about your offer. This includes being explicit about your offer terms, the cost of your subscription, the frequency of your billing cycle, and whether a subscription is required to use the app. Users should not have to perform any additional action to review the information.
Google lists some examples of the common violations they have seen in apps related to free trial offers and subscriptions:
- Monthly subscriptions that do not inform users they will be automatically renewed and charged every month.
- Annual subscriptions that most prominently display their pricing in terms of monthly cost.
- Subscription pricing and terms that are incompletely localized.
- In-app promotions that do not clearly demonstrate that a user can access content without a subscription (when available).
- SKU names that do not accurately convey the nature of the subscription, such as “Free Trial” for a subscription with an auto-recurring charge.
- Offers that do not clearly explain how long the free trial or introductory pricing will last.
- Offers that do not clearly explain that the user will be automatically enrolled in a paid subscription at the end of the offer period.
- Offers that do not clearly demonstrate that a user can access content without a trial (when available).
- Offer pricing and terms that are incompletely localized.
To illustrate some of the methods used by fleeceware, Google shared images of an example app breaking store policies related to subscriptions and free trial offers.
Google says that any new apps or app updates published on Google Play from now on must abide by the rules, and that existing apps have until mid-June to come into compliance.
Apple’s guidelines already require developers to make sure their “app description, screenshots, and previews clearly indicate whether any featured items, levels, subscriptions, etc. require additional purchases,” but in my investigations there are still plenty of sketchy apps (many of which are related to astrology or celebrity lookalikes) that continue to behave in what appears to be an underhand manner.
I installed one such celebrity lookalike app on my iPhone, and when i hit search it instantly demanded I signed up for a £7.99 weekly “Diamond Membership” subscription, whilst tantalisingly scrolling pictures of George Clooney (I should be so lucky…) and other potential lookalikes up and down my screen.
Another celebrity lookalike app for iOS informed me that my wife was a “99% doppelganger” match with someone famous. The famous celebrity’s image was tantalisingly obscured through pixelisation, but could be unlocked if I agreed to sign up for what would turn out to be an expensive weekly subscription.
Sophos researcher Jagadeesh Chandraiah, who did the initial research into Android fleeceware and more recently has studied fleeceware in the iOS App Store, welcomed the news of Google’s change in policy, and tweeted that he hoped Apple would follow suit with tougher regulations.
